cancel
Showing results for 
Search instead for 
Did you mean: 

Email Approval Link - GRC 10

Former Member
0 Kudos

Hi All,

I have query regarding LINK_APPROVE_REJECT in GRC access requests.

When I keep this link in Email notifications, approver will click on it and link prompts to enter UserID and Password. Once the approver enters the credentials, link directly opens the Access request screen to that corresponding request number.

If we have SSO enabled, then we don't want this LINK_APPROVE_REJECT to prompt for logon. Is this possible? Or Is there any technical limitation to use SSO with Email approval link?

Please provide your valuable inputs.

Thanks,
Madan.

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Madan,

Yes, you can skip the usee validation step via SSO configuration.

There is no technical limitations with SSO for such purposes.

Let us knoe if you have any questions.

Regards,

Ameet

Former Member
0 Kudos

Hi Ameet,

We are using Enterprise portal.

GRC link will be there inside the portal as a Launchpad.

Once they click on the link, it takes directly to Work Inbox.

In case of using SSO via portal, I was told, it is not possible to enable approval link to take directly to the access request screen as in this case we don't use standard GRC variable LINK_APPROVE_REJECT and we need to use a different link as it should open NWBC screen with portal URL for SSO to work.

I am confused here as it is working with LINK_APPROVE_REJECT and but when we use portal and SSO enabled this cannot be achieved.

Is there any technical limitation as far as my scenario is considered ? Have you come across this scenario?

Please help

Regards,

Madan.

former_member197694
Active Contributor
0 Kudos

Dear Madan,

Meanwhile check with your basis team about the SSO parameters

login/accept_sso2_ticket  1

login/create_sso2_ticket   2


BR

Baithi

Former Member
0 Kudos

Hi Madan,

SSO can be set-up for portal systems as well and after doing that system will not ask users to authenticate.

You can refer: Configuring the AS ABAP for Issuing Logon Tickets - User Authentication and Single Sign-On - SAP Lib...

Maintain user name and password under SICF for GRFN_POWL_INBOX webservice.

For this you should have Work Inbox link in your email notification to open the work inbox link, and you also have to enable SSO.  Please ensure other SICF services have a user assigned.

Check for all these services whether or not these are in place and Maintain logon information for following services in SICF:

1.)GRAC_OIF_MY_PROFILE_EU

2.)GRAC_GAF_NAME_CHANGE_SERV_EU

3.)GRAC_POWL_REQUEST_STATUS_EU

4.)GRAC_GAF_PWD_SELFSERVICE_EU

5.)GRAC_OIF_USER_REGISTER_EU

6.)GRAC_GAF_ACCREQ_WITH_REQREF_EU

7.)GRAC_OIF_REQUEST_SUBMISSION_EU

8.)GRAC_GAF_ACCREQ_WITH_TEMPL_EU

9.)GRAC_GAF_ACCREQ_WITH_USEREF_EU

10.)GRAC_UIBB_END_USER_LOGIN

Which portal system you are using..?

For EP 7.02, you can refer: 1770050 - SSO is not working between EP 7.02 and GRC10

Hope this helps.

Let us know if you have any questions.

Regards,

Ameet

Former Member
0 Kudos

Hi Ameet,

We have setup SSO and it is working fine.

Issue is:

LINK_APPROVE_REJECT - This will point to GRC NWBC Url and takes you to the request approval screen directly. When approvers click on this and since this is not going via portal, it will prompt to enter UserID and Password

Our Email approval link, points to WorkInbox if using Portal as the URL should be Portal url connected to Work Inbox and should open the request approval screen. We cannot use the standard Email approval link.

I wanted to know if we develop some custom Email approval link in the same way as LINK_APPROVE_REJECT which points to the portal->GRC->WorkInbox->Open WorkItem, will it work or Is there any technical limitation for this as well as Is it possible to develop URL separately?

Regards,

Madan.

Former Member
0 Kudos

Hi Madan,

Access request approval email notification has nothing to do with the platform of the integrated backend connectors.

So from my understanding no matter if this is a portal system or ABAP system.. email notifications can be used the same way and once the approver clicks on the request item he can take the further actions.

We don't have any unique email notification template specific to the portal environments.

You try with the same notification and let us know where you are getting issues. Snap shots will help us further to get you the solutions.

Regards,

Ameet

Former Member
0 Kudos

Hi Ameet,

Sorry for late reply.

My query is more on how to take approver to directly request approval screen, instead of taking them to Work Inbox and again they clicking on the item in their work inbox to open approval screen when SSO is in place.

~ Madan